The present invention relates to the use of computer systems in connection with transactions, such as financial transactions, and particularly to enhance the ability of parties to enter into substantial transactions with increased security.
Computers and communications technology are coming into wide use as aids to commercial transactions. Transactions such as personal check verifications and credit card purchase authorizations have become everyday experiences.
One type of transaction aid that has been proposed is an offline "identity-based" transaction system in which a Certification Authority (CA) vouches for validity and veracity of data in a user's certificate distinguish between two types of public key signature based transaction systems. Systems of this type utilize state-of-the-art techniques such as public keys, private keys and digital signatures. The role of digital signatures is to replace real-life signatures and allow a user in an "electronic world" to have a mechanism for signing documents. The digital signature identifies the signer and unequivocally associates the signer with the document signed. It provides non-repudiation of the sender and enables transitive passing of authenticated messages. The nature of CA's, public keys, private keys and digital signatures is explained in Schneier, Bruce, Applied Cryptography, Second Edition, John Wiley and Sons, Inc. (1996). As used herein, a "user" is a person, or a computer program acting on behalf of a person or a group of persons.
In order to be able to increase the scale of systems that use digital signatures, a mere personal digital signature scheme is not enough. In a crude form, every user must have the "signature verification key" of every other user. Therefore, the notion and architecture of the CA has been suggested. In fact, a CA is an entity that vouches for the correctness of very specific messages, each of which establishes the association of "user identity" with the user's "signature verification key". Thus, a CA architecture is in fact a bootstrapping of the notion of digital signature. The individual users now do not have to have the verification key of each user, instead they can be presented with a signature and a "certificate" where the CA signs the standard message associating a user with a verification key. To this end there are various schemes, including a standard one, described in CCITT Recommendation X.509, 1989.
In a basic CA-based architecture, a certificate is either "pushed" to the user by the signer, or the certificate is "pulled" from the CA by the user. The "or" is not exclusive due to the possibility of revocation of certificates. In any case, we can assume an established "CA architecture" is in existence. For high scalability, there can be a hierarchy of CA's (CA infrastructure). A user will go up the tree-structure to a CA that it trusts. The structure does not have to be a hierarchy and may have more semantics; namely various CA's may deal with certain tasks, key types and transactions.
Systems of the type described above have proven able to support transactions in which it is sufficient to verify the identity of a party, typically a purchaser. However, they do not appear to be well suited for more complex transactions in which one or both parties are obligated to perform specific acts, or to achieve specific goals, or to possess specific characteristics, or qualifications, or credentials, or to have a certain state, or condition. Applicants have observed that in a commercial environment where financial service support for a transaction is needed, there is much more relevant information associated with a transaction than what a certificate provides. Similar considerations apply to a variety of transactions, such as those in which the qualifications, or credentials, of a party must be assured, health care, etc. While the following description of the invention will relate primarily to financial transactions, such transactions should be understood to represent only one exemplary area where the present invention can be used and the scope of the invention is as defined in the appended claims.
It is an object of the present invention to provide a "warranty-granting" system which allows a third-party entity to vouch for a user on a per-transaction basis based on one or more of the user's history, characteristics and state, the term "state" here being intended to refer to the user's condition, status, or qualifications as they relate to the user's ability to complete the transaction.
Another object of the invention is to allow third parties to provide reliable and up-to-date warranties required between entities in many typical commercial transactions.
A further object of the invention is to base the granting and validity of warranties on the nature of the transaction and the characteristics and current states of the parties involved in the transaction.
A further object is to provide for high availability and large transaction volume as in any public key infrastructure that is useable in an electronic commerce environment.
A further object is to provide a supporting infrastructure which can support a large number of simultaneous requests.
A further object of the invention is to support simultaneous requests in which a single client is requestor and a single client is the subject of the warranty.
In particular, an object of the invention is to enable a given client to request service on a new transaction while waiting for a response on a previously initiated transaction as well as to allow several clients to request warranties with respect to a single subject of warranty at the same time.
Another object of the invention is to provide a system which can support flexible processing in such a way that delays and congestion, which normally would be associated with warranty-based systems, can be minimized or avoided. These delays would be a result of the fact that the local representative may not keep all information locally and may have to obtain extensive verification from other sources. Delays might also be experienced if the decision associated with the issuance of a warranty cannot be automated, i.e., requires human input. The ability to optimally accommodate both completely automated transactions and delayed transactions is an important feature of the system.
The above and other objects according to the invention are achieved by a method for providing a warranty relating to a transaction between two parties, each party having a data communications device, in a system comprising an infrastructure composed of a plurality of locations each associated with a respective institution which provides services to clients, each location having a computer system, a database coupled to the computer system and storing information about each client of the institution and a data communications device coupled to the computer system for communication with the data communications device of any one party, each party being a client of at least one of the institutions, the method comprising:
transmitting a request for a warranty from one party to the transaction which is a client of the respective institution to a respective location associated with the respective institution, which request includes information identifying the other party to the transaction and information about the nature of the transaction;
conducting an exchange of information between the respective location and a location associated with an institution of which the other party is a client; and
transmitting a response to the request from the respective location to the one party.
A warranty-granting process according to the invention can be viewed as an augmentation of user certification transactions in a digital signature based context. It melds implicit verification checks on the identity of an obligor, who would be the subject of a warranty, and transaction-specific digital signature authenticity with respect to the subject of the warranty, with access control mechanisms designed to address privacy and warranty-issuance criteria.
The payment of fees for services provided by the supporting infrastructure can be consolidated within the supporting infrastructure. This is required both as a throughput issue and in order to ensure payment for services.
According to one feature of the present invention, only the party requesting a warranty need contact the supporting infrastructure.
According to another feature of the invention, a party who is a client of a particular institution, or local representative, need trust only that local representative. This is a result of the fact that any warranties issued to that client will be issued by his local representative and the fact that release of data concerning him within the supporting infrastructure is controlled by his local representative.
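The request, inter-location exchange and response of the method above, together with the two features just described, can be sketched as follows. This is an added illustration, not code from the patent: the class and function names, the credit-limit rule, the sample banks and keys are all assumptions, and an HMAC keyed between a client and its own local representative stands in for the issuer's digital signature.

```python
import hashlib, hmac, json

def _tag(key, body):
    # HMAC over canonical JSON: a stdlib stand-in for the issuer's digital signature.
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class Institution:
    """A local representative holding records about its own clients only."""
    def __init__(self, name, directory):
        self.name, self.directory, self.clients = name, directory, {}
        directory[name] = self          # directory models the supporting infrastructure

    def enroll(self, client_id, key, limit, release_to=()):
        self.clients[client_id] = {"key": key, "limit": limit, "release": set(release_to)}

    def disclose(self, asking, subject, amount):
        """Subject's side: answer yes/no, and only to institutions the record permits."""
        rec = self.clients.get(subject)
        if rec is None or asking not in rec["release"]:
            return None                 # release refused; no client data leaves
        return amount <= rec["limit"]   # hypothetical issuance criterion

    def request_warranty(self, requester, subject, subject_inst, transaction):
        """Requester's side: the only call a party makes into the infrastructure."""
        key = self.clients[requester]["key"]
        answer = self.directory[subject_inst].disclose(self.name, subject, transaction["amount"])
        body = {"issuer": self.name, "requester": requester, "subject": subject,
                "transaction": transaction, "granted": answer is True}
        return body, _tag(key, body)    # response is bound to this one transaction

def verify_response(key, body, tag):
    return hmac.compare_digest(_tag(key, body), tag)

def demo():
    infra = {}
    bank_a, bank_b = Institution("bank-a", infra), Institution("bank-b", infra)
    seller_key = b"constructed-demo-key"                 # constructed sample value
    bank_a.enroll("seller", seller_key, limit=0)
    bank_b.enroll("buyer", b"unused", limit=5000, release_to={"bank-a"})
    ok, ok_tag = bank_a.request_warranty("seller", "buyer", "bank-b", {"id": "t1", "amount": 1200})
    big, _ = bank_a.request_warranty("seller", "buyer", "bank-b", {"id": "t2", "amount": 9000})
    reused = dict(ok, transaction={"id": "t2", "amount": 9000})   # replay on another deal
    return ok["granted"], big["granted"], verify_response(seller_key, ok, ok_tag), \
        verify_response(seller_key, reused, ok_tag)
```

Because the tag covers the transaction details, a warranty granted for one transaction fails verification when presented for a different one, which is what makes the vouching per-transaction rather than a reusable certificate.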
Warranty-granting systems can be implemented in one of several configurations, based on type of transaction and which party pays for the service (of acquiring the warranty).